USN-4906-1: Nettle vulnerability
13 April 2021
Nettle could be made to crash or bypass signature verification if it opened a specially crafted certificate.
Releases
Packages
- nettle - low level cryptographic library
Details
It was discovered that Nettle incorrectly handled signature verification.
A remote attacker could use this issue to cause Nettle to crash, resulting
in a denial of service, or possibly force invalid signatures.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
In general, a standard system update will make all the necessary changes.